Access control in a set top box, or in any other type of pay-per-view system, is often controlled by encrypting the material, and selectively decrypting the authorized material or program. For some conventional set top box chips, this conditional access/decryption scheme is controlled by a smart card containing the key management and accounting software, and a software application called the "verifier".
The verifier is part of the application software supplied by a set top box manufacturer and by NDC (News Digital Systems); it is NDC which is responsible for the set top box security.
When a set top box manufacturer decides to use a particular decryption chip for their set top box, they have to port the verifier to their specific set top box, and then confirm that none of the final application software interferes with, or defeats the security system. This is often a very painful and expensive process. Expensive to the box manufacturer, and painful to both them and NDC to ensure the security system still works properly.
Further if critical parts of the NDC system become internal to an integrated circuit set top box chip, including the decryption function, NDC still desires a way to identify uniquely the system. Current settop boxes use a small EEPROM in the decryption chip with a unique serial number in it. Unfortunately, embedded EEPROM/flash capability is always process specific and does not shrink or migrate very readily as the decryption chip is shrunk or especially when an ASIC containing other settop box components and the decryption chip is shrunk. One alternative solution is to have a small EEPROM on the settop box system board that contains the serial number. While this approach works fine, it has two disadvantages: 1) the cost of the separate EEPROM, and 2) the ability of an unauthorized user to change the serial number by changing or re-programming the EEPROM.
Although it is important that each settop box IC or ASIC operate in the same manner electrically, it would be beneficial from a cost and security standpoint if the integrated circuit chip or ASIC containing the decryption function could generate a unique serial number.
These and other disadvantages of the prior art are overcome by the present invention, however, and improved methods and apparatus for identification systems for integrated circuits are provided.